blob: 5db8c9301e052863d9ca375e63bdc64273ca8eeb [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200903-09">
<title>OpenTTD: Execution of arbitrary code</title>
Multiple buffer overflows in OpenTTD might allow for the execution of
arbitrary code in the server.
<product type="ebuild">openttd</product>
<announced>March 07, 2009</announced>
<revised>March 07, 2009: 01</revised>
<package name="games-simulation/openttd" auto="yes" arch="*">
<unaffected range="ge">0.6.3</unaffected>
<vulnerable range="lt">0.6.3</vulnerable>
OpenTTD is a clone of Transport Tycoon Deluxe.
Multiple buffer overflows have been reported in OpenTTD, when storing
long for client names (CVE-2008-3547), in the TruncateString function
in src/gfx.cpp (CVE-2008-3576) and in src/openttd.cpp when processing a
large filename supplied to the "-g" parameter in the ttd_main function
<impact type="high">
An authenticated attacker could exploit these vulnerabilities to
execute arbitrary code with the privileges of the OpenTTD server.
There is no known workaround at this time.
All OpenTTD users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=games-simulation/openttd-0.6.3&quot;</code>
<uri link="">CVE-2008-3547</uri>
<uri link="">CVE-2008-3576</uri>
<uri link="">CVE-2008-3577</uri>
<metadata tag="requester" timestamp="Thu, 12 Feb 2009 19:13:14 +0000">
<metadata tag="submitter" timestamp="Fri, 13 Feb 2009 15:07:08 +0000">
<metadata tag="bugReady" timestamp="Fri, 13 Feb 2009 15:08:05 +0000">